Terminating HTTPS on EC2 Instances Running Tomcat

For Tomcat container types, you use a configuration file
to enable the Apache HTTP Server to use HTTPS when acting as the reverse proxy for
Tomcat.

Add the following snippet to your configuration file, replacing the certificate and
private key material as instructed, and save it in your source bundle's
.ebextensions directory. The configuration file performs the following tasks:

The packages key uses yum to install mod_ssl.

The files key creates the following files on the instance:

/etc/pki/tls/certs/server.crt

Creates the certificate file on the instance. Replace certificate
file contents with the contents of your certificate.

Note

YAML relies on consistent indentation. Match the indentation level when replacing
content in an example configuration file and ensure that your text editor uses
spaces, not tab characters, to indent.

/etc/pki/tls/certs/server.key

Creates the private key file on the instance. Replace private key
contents with the contents of the private key used to create the
certificate request or self-signed certificate.

Your certificate vendor may include intermediate certificates that you can install
for better compatibility with mobile clients. Configure Apache with an intermediate
certificate authority (CA) bundle by adding the following to your SSL configuration
file (see Extending and Overriding the Default Apache Configuration for the location):

Avoid committing a configuration file that contains your private key to source
control. After you have tested the configuration and confirmed that it works, store
your private key in Amazon S3 and modify the configuration to download it during
deployment. For instructions, see Storing Private Keys Securely in Amazon S3.
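
A check that can run before a commit or deployment to catch the two pitfalls described above: tab characters used for indentation, and a private key left inline in a file under .ebextensions. This is an added example, not part of the original documentation; the function names scan_config_text and scan_bundle and the sample text are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Matches PEM private key headers (RSA, EC, PKCS#8, encrypted PKCS#8, OpenSSH).
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# A tab anywhere in a line's leading whitespace breaks YAML indentation.
TAB_INDENT_RE = re.compile(r"^[ ]*\t")


def scan_config_text(text):
    """Return a list of (line_number, problem) tuples for one config file."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if PRIVATE_KEY_RE.search(line):
            findings.append((number, "embedded private key"))
        if TAB_INDENT_RE.match(line):
            findings.append((number, "tab used for indentation"))
    return findings


def scan_bundle(root):
    """Scan every *.config file under <root>/.ebextensions."""
    results = {}
    for path in sorted(Path(root, ".ebextensions").glob("*.config")):
        text = path.read_text(encoding="utf-8", errors="replace")
        findings = scan_config_text(text)
        if findings:
            results[str(path)] = findings
    return results


# Constructed sample: a key block pasted inline plus one tab-indented line.
SAMPLE_BAD = (
    "files:\n"
    "  /etc/pki/tls/certs/server.key:\n"
    "    content: |\n"
    "      -----BEGIN RSA PRIVATE KEY-----\n"
    "      (constructed placeholder, not key material)\n"
    "      -----END RSA PRIVATE KEY-----\n"
    "\towner: root\n"
)

if __name__ == "__main__":
    # Usage: python check_ebextensions.py [source-bundle-root]
    problems = scan_bundle(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, findings in problems.items():
        for number, problem in findings:
            print(f"{path}:{number}: {problem}")
    sys.exit(1 if problems else 0)
```

The script exits with a non-zero status when it finds a problem, so it can be used as a pre-commit hook or a CI step.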

In a single instance environment, you must also modify the instance's security
group to allow traffic on port 443. The following configuration file retrieves the
security group's ID using an AWS CloudFormation function and adds a rule to it.